ipsec broken
Alberto Bursi
bobafetthotmail at gmail.com
Mon Dec 28 05:09:40 EST 2020
On 27/12/20 16:49, Mao Mei wrote:
> It seems that ipsec has been broken for a long time. see
> https://forum.openwrt.org/t/ipsec-has-been-broken-for-a-while/81120
>
> log on mt7621:
>
> 12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
> 12[KNL] got SPI cecfbd68
> 12[KNL] adding SAD entry with SPI cecfbd68 and reqid {1}
> 12[KNL] using encryption algorithm AES_CBC with key size 128
> 12[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
> 12[KNL] using replay window of 32 packets
> 12[KNL] HW offload: no
> 12[KNL] received netlink error: No such file or directory (2)
> 12[KNL] unable to add SAD entry with SPI cecfbd68 (FAILED)
> 12[KNL] adding SAD entry with SPI 04c603db and reqid {1}
> 12[KNL] using encryption algorithm AES_CBC with key size 128
> 12[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
> 12[KNL] using replay window of 0 packets
> 12[KNL] HW offload: no
> 12[KNL] received netlink error: No such file or directory (2)
> 12[KNL] unable to add SAD entry with SPI 04c603db (FAILED)
> 12[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
> 12[IKE] failed to establish CHILD_SA, keeping IKE_SA
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>
that package is maintained in the community feeds, please open an issue
https://github.com/openwrt/packages/issues
and use "@stintel" in the maintainer field to ping the maintainer
-Alberto
More information about the openwrt-devel
mailing list